Infosec Interview Guide

Overview

The purpose of this guide is to help us interview infosec candidates. The questions here are behavioral in nature, designed to get candidates talking about specific situations and how they handled them. Guidelines are suggested for evaluating the strength of the answers.

Whenever possible, ask these questions exactly as they’re worded to try to get consistency between multiple candidates. When interviewing, please take notes, and note what the candidate says, rather than your impressions — that will help you share behavior reasons for your conclusions and decisions.

Remember to be as pleasant and friendly as you can be! You can deliver a demanding interview while being kind and empathetic.

For more information on interviewing in general, check out the interviewing guide.

Introductory Statement

You should say this, or something close to it, before beginning:

Thanks for interviewing with me today. This’ll be a behavioral interview, which means I’ll ask a series of questions about experiences you’ve had and how you handled them. There are no “right” answers; I’m interested in talking through these situations with you. I’ve got about 4-5 questions, and this will take us about an hour, perhaps a bit less. Don’t be surprised if others ask the same questions in other interviews; that’s normal.

There’ll be times when I ask for more information, or want to dig deeper into your answers. That’s normal, too: I want to make sure I understand what you did and why. I’ll be taking notes, please don’t let that distract you.

I’ll ask you my questions first, and then I’ll leave some time to answer any questions you’ve got for me. I’m excited you’re here - let’s get started!

General questions

These questions cover commonalities about all security roles, and are for candidates in all three roles.

Questions for Application Security Engineers and Security Operations Engineers

Questions for Penetration Testers